Security UPDATE--Spyware Detection and Classification--July 20, 2005

1. In Focus: Spyware Detection and Classification

2. Security News and Features

- Recent Security Vulnerabilities

- VeriSign Buys iDEFENSE

- Firefox 1.0.5 Fixes a Dozen Security Problems

- IIS Application Isolation

3. Instant Poll

4. Security Toolkit

- Security Matters Blog

- FAQ

- Security Forum Featured Thread

5. New and Improved

- PC Protection

==== Sponsor: Qualys ====

Map, Scan and Audit Your Network for Security Compliance

Testing and improving your network security has never been easier. Requiring NO software, QualysGuard will safely and accurately audit your network and provide you with the necessary fixes to proactively guard your network. Qualys delivers the most vulnerability checks in the industry (4,000+), the highest scan engine accuracy - certified 99.997% accuracy based on more than a million scans per month and timely, up-to-date security checks and network intelligence. QualysGuard also delivers complete risk management functionality including: asset prioritization, business risk assessment, trend analysis, compliance reporting, remediation workflow, and more.

Try the Free Scan today and make sure your network perimeter can withstand an attack:

http://freescan.qualys.com/?lsid=6480

==== 1. In Focus: Spyware Detection and Classification ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

You've probably heard by now that Microsoft is, or was, interested in making a deal to acquire Claria--a company known for its personal- information-tracking software. Formerly known as Gator, Claria is for the most part considered to be a propagator (no pun intended) of spyware that's bundled with many popular software packages such as the Kazaa peer-to-peer file-sharing application.

Last I heard, Microsoft scrapped its plans to acquire the company, although I'm not sure if that's true. Nevertheless, Microsoft caught some additional heat last week because it downgraded the severity rating of Claria's software in Windows AntiSpyware. The severity rating of similar software from other companies, such as WhenU and 180solutions, was reported to have also been downgraded.

In an open letter published at its Web site (see the URL below), Microsoft said it made no exceptions for Claria and that the company "decided that adjustments should be made to the classification of Claria software in order to be fair and consistent with how Windows AntiSpyware (Beta) handles similar software from other vendors."

http://www.microsoft.com/athome/security/spyware/software/claria_letter.mspx

The letter goes on to say that "Today, anti-spyware vendors use different approaches, definitions, and types of criteria for identifying and categorizing spyware and other potentially unwanted software. This has limited the industry's ability to have a broad, coordinated impact in addressing the problem. That is a key reason Microsoft is a founding member of the Anti-Spyware Coalition, a group of technology companies and anti- spyware companies working alongside public interest groups to address key spyware issues."

The Anti-Spyware Coalition (first URL below) was actually convened by the Center for Democracy and Technology earlier this year. Microsoft was one of over a dozen entities that took part in the initial meeting. The coalition recently published the first draft of its "Anti-Spyware Coalition Definitions and Supporting Documents" (second URL below), which is now open for a 30-day public comment period.

http://www.antispywarecoalition.org

http://www.antispywarecoalition.org/definitions.pdf

The definitions outline a number of different types of spyware and describe the underlying technology and why it might or might not be useful. Microsoft and numerous other companies undoubtedly use these definitions as part of their guidelines for classifying software in their respective antispyware solutions. So reading the documents might help you get a better understanding of what spyware is from the perspective of various vendors.

Another interesting part of the documents is the outline for vendor dispute and false positive resolution. I'd guess that Claria and other vendors have used that, or a similar process, to have Microsoft review its software more closely, resulting in changes in software's severity rating in Windows AntiSpyware.

If you're interested in learning more and helping shape the way coalition members handle spyware detection and classification, be sure to read the first draft and send any comments you might have to the coalition before the end of the public comment period, August 12. After that time, the coalition will work to publish a final release sometime in the fall.

==== Sponsor: BindView ====

Using Security Compliance Software to Improve Business Efficiency and Reduce Costs

Learn To Sort Through Sarbanes-Oxley, HIPAA And More Legislation Quicker And Easier! In this free white paper, get the tips you've been looking for to save time and money in achieving IT security and regulatory compliance. Find out how you can simplify these manually intensive, compliance-related tasks that reduce IT efficiency. Turn these mandates into automated and cost effective solutions - Download your copy today!

http://www.windowsitpro.com/Whitepapers/bindview/regulatorycompliance/index.cfm?code=secmid_720

==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

VeriSign Buys iDEFENSE

VeriSign announced that it acquired security research firm iDEFENSE for $40 million in cash. iDEFENSE provides security-related information to companies around the world.

http://www.windowsitpro.com/Article/ArticleID/47037

Firefox 1.0.5 Fixes a Dozen Security Problems

Mozilla Foundation released Firefox 1.0.5, which fixes a dozen security problems and improves stability. While Firefox 1.0.5 does represent an improvement over previous versions, it has some known issues, so be sure to read about those for any caveats that might apply to your particular systems.

http://www.windowsitpro.com/Article/ArticleID/47033

IIS Application Isolation

From time to time, you're probably called on to deploy a Web application that traffics sensitive information. That application might also reside on an IIS server that hosts other applications. What questions and considerations do you think about as you devise your plan for implementing the highest degree of application isolation you can manage? Brett Hill helps you think things through in this article on our Web site.

http://www.windowsitpro.com/Article/ArticleID/45549

==== Resources and Events ====

Sort Through Sarbanes-Oxley, HIPAA, and More Legislation Quicker and Easier!

In this free Web seminar, get the tips you've been looking for to save time and money in achieving IT security and regulatory compliance. Find out how you can simplify these manually intensive, compliance-related tasks that reduce IT efficiency. Turn these mandates into automated and cost-effective solutions. Register now!

http://www.windowsitpro.com/seminars/regulatorycompliance/index.cfm?code=0720emailannc

Recover Your Active Directory

Get answers to all your Active Directory recovery questions here! Join industry guru Darren Mar-Elia in this free, on-demand Web seminar and discover how to use native recovery tools and methods, how to implement a lag site to delay replication, limitations to native recovery approaches, and more. Learn how you can develop an effective AD backup strategy. Register today!

http://www.windowsitpro.com/seminars/activedirectoryrecovery/index.cfm?code=0720emailannc

All High-Availability Solutions Are not Created Equal--How Does Yours Measure Up?

In this free Web seminar, you'll get the tools you need to ensure your systems aren't going down. You'll discover the various categories of high-availability and disaster-recovery solutions available and the pros and cons of each. You'll learn what solutions help you take preemptive, corrective action without resorting to a full system failover, or in extreme cases, that perform a non-disruptive, automatic switchover to a secondary server.

http://www.windowsitpro.com/seminars/truehighavailability/index.cfm?code=0720emailannc

Antispam product not working?

Many email administrators are experiencing increased frustration with their current antispam products as they battle new and more dangerous email threats. In-house software, appliances, and even some services may no longer work effectively, require too much IT staff time to update and maintain or satisfy the needs of different users. In this free Web seminar, learn how you can search for a better way to protect your email systems and users.

http://www.windowsitpro.com/seminars/antispamsolutions/index.cfm?code=0720emailannc

Integrate Fax Services with Business Applications for Big ROI

In this free eBook, you'll discover all you need to know about fax technology! You'll learn how to improve business processes by minimizing manual faxing and integrating faxing into your business workflow for improved ROI. The eBook will also look at the how-to of the desktop fax client, fax automation, faxing hardware and software technologies, and the future of faxing. Let this important guide help you stay on top of fax server technology within your business environment.

http://www.windowsitlibrary.com/Ebooks/faxservers/Index.cfm?code=0720emailannc

Influencers 2005: Thriving In The Face Of Regulation: How to Accommodate the New Corporate Governance Regime and Achieve Optimum Financial Performance

Join Arthur Levitt, former chairman of the SEC, Arnold Hanish, and Scott Mitchell as they discuss the most important management challenge facing businesses today--Wednesday, July 20 at 11:00 a.m. EDT. Register here:

http://bfmag.com/webcasts/7-20-05/index.html?w=1&ext_event_user_cd=winit&partnerref=winit

==== 3. Instant Poll ====

Results of Previous Poll: Does your network firewall provide stateful application-layer inspection in addition to the traditional stateful packet inspection?

The voting has closed in this Windows IT Pro Security Hot Topic nonscientific Instant Poll. Here are the results from the 10 votes.

- 50% Yes

- 50% No

New Instant Poll: Do you regularly scan your external network IP addresses for open ports on your network and compare the results against a known good baseline?

Go to the Security Hot Topic and submit your vote for

- Yes, I regularly scan my network and compare against a baseline.

- Yes, I periodically scan but merely review the results.

- No, I don't scan, but I think I should.

- No, I don't think scanning is useful.

http://www.windowsitpro.com/windowssecurity#poll

==== Featured White Paper ====

Do You Know If Your Network Is At Risk Of A Trojan Attack?

Discover the various methods available for controlled Internet access and how to use them to increase security and decrease legal exposure. Download your free white paper now!

http://www.windowsitpro.com/whitepapers/stbernard/internetaccess/index.cfm

==== 4. Security Toolkit ====

Security Matters Blog: Endian Firewall--Check It Out

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Endian Firewall easily turns a computer into a firewall appliance. The open-source project is based on IPCop, sports a Web-based configuration, and has OpenVPN built in for quick setup of a VPN.

http://www.windowsitpro.com/Article/ArticleID/46911

FAQ

by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: How can I determine whether a Dfs root is a standalone root or a fault- tolerant root stored in Active Directory (AD)?

Find the answer at

http://www.windowsitpro.com/Article/ArticleID/46992

Security Forum Featured Thread: Changing a Password Without Logging In

A forum participant wants to know whether there is a way for users to change their passwords themselves without logging on to the domain. Join the discussion at

http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=42&threadid=42107

==== Announcements ====

(from Windows IT Pro and its partners)

Check Out the New Windows IT Security Newsletter!

Security Administrator is now Windows IT Security. We've expanded our content to include even more fundamentals on building and maintaining a secure enterprise. Each issue also features product coverage of the best security tools available and expert advice on the best way to implement various security components. Plus, paid subscribers get online access to our entire security article database (over 1900 security articles)! Order now:

http://www.secadministrator.com/rd.cfm?code=00eu2557su

Vote for the Next MCP Hall of Famer

Help decide who the most valuable member of the MCP community is. Take the time to reward excellence to those that deserve it and to make yourself a part of the first ever MCP Hall of Fame. Voting only takes a few seconds, so cast your vote now for Round 5. Click here:

http://www.windowsitpro.com/mcphalloffame

==== 5. New and Improved ====

by Renee Munshi, [email protected]

PC Protection

Privacyware offers the Total Endpoint Protection Suite, which combines the company's Privatefirewall 4.0 and SafeEnd's USB Port Protector in a package that's currently priced at $39.99 per seat (with a 50-seat minimum). Privatefirewall is a firewall and Intrusion Detection System (IDS). You can select from versions of Privatefirewall that add Computer Associates' eTrust PestPatrol Anti-Spyware software only or that add both CA's PestPatrol and eTrust EZ Antivirus software. USB Port Protector lets only pre- authorized devices connect through a USB port. For more information, go to

http://www.privacyware.com

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to

[email protected].

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==== Sponsored Links ====

Argent versus MOM 2005

Experts Pick the Best Windows Monitoring Solution

http://a.windowsitpro.com/RealMedia/ads/click_lx.ads/www.windowsitpro.com/TextLink/1112745096/x14/Penton/WN_Argent_July05_NLSplink_116194/1x1.gif/1

==== Contact Us ====

About the newsletter -- [email protected]

About technical questions -- http://www.windowsitpro.com/forums

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]